56 matches found
UBUNTU-CVE-2026-33721
MapServer is a system for developing web-based GIS applications. Starting in version 4.2 and prior to version 8.6.1, a heap-buffer-overflow write in MapServer’s SLD Styled Layer Descriptor parser lets a remote, unauthenticated attacker crash the MapServer process by sending a crafted SLD with mor...
CVE-2026-33721
MapServer is a system for developing web-based GIS applications. Starting in version 4.2 and prior to version 8.6.1, a heap-buffer-overflow write in MapServer’s SLD Styled Layer Descriptor parser lets a remote, unauthenticated attacker crash the MapServer process by sending a crafted SLD with mor...
CVE-2026-33721 MapServer has heap buffer overflow in SLD `Categorize` Threshold parsing
MapServer is a system for developing web-based GIS applications. Starting in version 4.2 and prior to version 8.6.1, a heap-buffer-overflow write in MapServer’s SLD Styled Layer Descriptor parser lets a remote, unauthenticated attacker crash the MapServer process by sending a crafted SLD with mor...
EUVD-2026-16501
MapServer is a system for developing web-based GIS applications. Starting in version 4.2 and prior to version 8.6.1, a heap-buffer-overflow write in MapServer’s SLD Styled Layer Descriptor parser lets a remote, unauthenticated attacker crash the MapServer process by sending a crafted SLD with mor...
PT-2026-28511
Name of the Vulnerable Software and Affected Versions MapServer versions 4.2 through 8.6.0 Description MapServer is a system for developing web-based GIS applications. A heap-buffer-overflow write in MapServer’s SLD Styled Layer Descriptor parser allows a remote, unauthenticated attacker to crash...
Mobiliti 安全漏洞
Mobiliti is an electric vehicle charging station system developed by the Hungarian company Mobiliti. Mobiliti has a security vulnerability, as the authentication identifiers can be accessed publicly through a web-based map platform...
Mobility46 安全漏洞
Mobility46 is a digital management platform for electric vehicle charging developed by the Swedish company Mobility46. There is a security vulnerability in Mobility46, as the identity verification identifiers of charging stations can be accessed publicly through a web-based mapping platform...
Chargemap 安全漏洞
Chargemap is a electric vehicle service platform website operated by the French company Chargemap. Chargemap has a security vulnerability, as the identity verification identifiers of charging stations can be accessed publicly through a web-based mapping platform...
Exploit for Improper Restriction of XML External Entity Reference in Geoserver
During my geoserver analysis I found another way to attack una...
The vulnerability of the implementation of the Web Map Service (WMS) protocol in the software for managing and publishing geospatial data on the OSGeo GeoServer server allows a perpetrator to disclose protected information and cause service failures.
The vulnerability of the Web Map Service WMS protocol implementation in the software for managing and publishing geospatial data on the OSGeo GeoServer server is related to an incorrect limitation on XML links to external objects. Exploiting this vulnerability could allow a malicious actor to...
CVE-2025-21621
GeoServer is an open source server that allows users to share and edit geospatial data. Prior to version 2.25.0, a reflected cross-site scripting XSS vulnerability exists in the WMS GetFeatureInfo HTML output format that enables a remote attacker to execute arbitrary JavaScript code in a victim's...
CVE-2025-21621 GeoServer Reflected Cross-Site Scripting (XSS) vulnerability in WMS GetFeatureInfo HTML format
GeoServer is an open source server that allows users to share and edit geospatial data. Prior to version 2.25.0, a reflected cross-site scripting XSS vulnerability exists in the WMS GetFeatureInfo HTML output format that enables a remote attacker to execute arbitrary JavaScript code in a victim's...
EUVD-2025-199607
GeoServer is an open source server that allows users to share and edit geospatial data. Prior to version 2.25.0, a reflected cross-site scripting XSS vulnerability exists in the WMS GetFeatureInfo HTML output format that enables a remote attacker to execute arbitrary JavaScript code in a victim's...
CVE-2025-58360 GeoServer is vulnerable to an Unauthenticated XML External Entities (XXE) attack via WMS GetMap feature
GeoServer is an open source server that allows users to share and edit geospatial data. From version 2.26.0 to before 2.26.2 and before 2.25.6, an XML External Entity XXE vulnerability was identified. The application accepts XML input through a specific endpoint /geoserver/wms operation GetMap...
CVE-2025-58360 GeoServer is vulnerable to an Unauthenticated XML External Entities (XXE) attack via WMS GetMap feature
GeoServer is an open source server that allows users to share and edit geospatial data. From version 2.26.0 to before 2.26.2 and before 2.25.6, an XML External Entity XXE vulnerability was identified. The application accepts XML input through a specific endpoint /geoserver/wms operation GetMap...
EUVD-2025-199606
GeoServer is an open source server that allows users to share and edit geospatial data. From version 2.26.0 to before 2.26.2 and before 2.25.6, an XML External Entity XXE vulnerability was identified. The application accepts XML input through a specific endpoint /geoserver/wms operation GetMap...
CVE-2025-58360
CVE-2025-58360 : GeoServer contains an XML External Entity (XXE) vulnerability in the GetMap operation (/geoserver/wms). The issue arises from insufficient XML input sanitization, allowing external entities to be defined in requests. Affected: GeoServer versions 2.26.0–2.26.1 and 2.25.0–2.25.5 (i...
GeoServer 代码问题漏洞
GeoServer is GeoServer open source an open source software server written in Java. It allows users to share and edit geospatial data. A code issue vulnerability exists in GeoServer versions 2.26.0 through prior to 2.26.2 and prior to 2.25.6, which stems from insufficiently cleaned or restricted X...
PT-2025-48090
GeoServer is an open source server that allows users to share and edit geospatial data. Prior to version 2.25.0, a reflected cross-site scripting XSS vulnerability exists in the WMS GetFeatureInfo HTML output format that enables a remote attacker to execute arbitrary JavaScript code in a victim's...
MAL-2025-39384 Malicious code in wms-capabilities-parser (npm)
The package wms-capabilities-parser was found to contain malicious code...